package com.dowhere.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * WebSecurity配置类
 * @author 周谦
 * @date 2020/7/1 0001 14:26
 **/
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {

        //关闭CSRF保护
        //http.csrf().disable();
        //super.configure(http);

        //或者
        //http.csrf().ignoringAntMatchers("/eureka/**");
        //super.configure(http);

        http.authorizeRequests()//对请求进行鉴权
                .antMatchers("/login","/css/**")//登录页面不鉴权
                .permitAll();
        http.formLogin()
                .loginPage("/login")//登录页面
                .failureUrl("/login?error")//鉴权失败的页面
                .permitAll();
        http.csrf().disable();
        super.configure(http);
    }
}
